Abstract

Separating codes have applications in collusion-secure fingerprinting
for generic digital data, and they are also related to other structures
including hash families, intersection codes and group testing. In this paper we
study upper bounds for separating codes. First, a new upper bound for
restricted separating codes is proposed. Then we illustrate that the Upper
Bound Conjecture for separating Reed-Solomon codes inherited from
Silverberg's question holds true for almost all Reed-Solomon codes.

Keywords: Separating Code, Fingerprinting, Silverberg's Question 

1 Introduction 

Let $Q$ be an arbitrary set of $q$ elements, $n$ be a positive integer, and $C$ be a code
of length $n$ with the alphabet set $Q$. For a nonempty subset $U$ of $C$ we define the
descendant set and the feasible set by
$\mathrm{desc}\,U := \{x \in Q^n \mid \text{for every } i \text{ there exists } a \in U \text{ such that } a_i = x_i\}$
and
$F(U) := \{x \in Q^n \mid \text{if all words in } U \text{ coincide on the } i\text{th coordinate for some } i, \text{ then } x_i \text{ also takes that value}\}$,
respectively, where $x_i$ denotes the $i$th coordinate of the vector $x$.

Definition 1 Let $w_1, w_2$ be positive integers and assume that at least one
of them is larger than one. The code $C$ is said to be a $(w_1, w_2)$-separating code if
the descendant sets of any two disjoint subsets of $C$ with not more than $w_1$ and $w_2$
codewords, respectively, are also disjoint. By replacing descendant sets by feasible
sets, we get the definition of restricted $(w_1, w_2)$-separating codes.

We call a $(w, 1)$-separating code a $w$-FP code, and a $(w, w)$-separating code
a $w$-SFP code for $w > 1$. Since separating codes are a powerful weapon for
anti-collusion fingerprinting, many recent works have appeared in the literature.
In particular, the upper bound on the number of codewords in separating codes for a given
alphabet size $q$ and code length $n$ has been considered. The strongest upper bound
ever found for w-SFP codes is M < (2w 2 - 3w + 2)g'^r] _ 2w 2 + 3w - 1 
of [4], where the result for $(w_1, w_2)$-separating codes was also suggested.
Restricted separating codes were introduced in [8], and their behaviors such as the
bound of code rate were investigated in [Q], [9] and so on. They have still wider
application than separating codes, although their upper bound has not been studied
in earlier works. To understand Silverberg's conjecture and the related upper bound
question, we need to refer to the concept of IPP code.

Definition 2 Let $C$ be a code of length $n$ and $w > 2$ be a positive integer. The
code $C$ is said to be $w$-IPP if, for any $x \in Q^n$, the intersection of all subsets
of $C$ that contain not more than $w$ codewords and involve $x$ in the corresponding
descendant set is not empty.

IPP (Identifiable Parent Property) code is another important class of fingerprinting
codes. It is easy to prove that $w$-IPP implies $w$-SFP. The following results
are well known in fingerprinting code theory.

Theorem 1 (Theorem 4.4 in fififi) Let C be a code of length n. If the minimum 
distance of $C$ satisfies $d > n(1 - \frac{1}{w^2})$, then $C$ is a $w$-IPP code.

Theorem 2 (Proposition 7 in [5]) Let $C$ be a code of length $n$. If the minimum
distance of $C$ satisfies $d > n(1 - \frac{1}{w_1 w_2})$, then $C$ is a $(w_1, w_2)$-separating code.

In [2], Silverberg considered applications of Reed-Solomon codes as well as
other algebraic geometry codes to collusion-secure fingerprinting techniques, where
the following open problem was proposed.

Question 1 Is it the case that all $w$-IPP Reed-Solomon codes satisfy the
condition $d > n(1 - \frac{1}{w^2})$?

For Reed-Solomon codes, $d = n - k + 1 = q - k$, so we can replace the statement
$d > n(1 - \frac{1}{w^2})$ with $k < \frac{q-1}{w^2} + 1$. Since the number of codewords in a
Reed-Solomon code of dimension $k$ is $M = q^k$, this is equivalent to
$M \le q^{\lceil n/w^2 \rceil}$. Thus,
Silverberg's problem conjectures the upper bound of IPP Reed-Solomon codes,
which is exactly optimal if true from Theorem 1. Silverberg's problem was studied
in [7]. They showed that a large family of Reed-Solomon codes answers Question 1
positively. What is interesting in their work is that the family satisfies a more general
fact. The main result of [7] is as follows. From now on we denote the Reed-Solomon
code of dimension $k$ over $\mathbb{F}_q$ by $RS_k(q)$.

Theorem 3 (Theorem 7 in [7]) Suppose that $k - 1 \mid q - 1$. If the code $RS_k(q)$
is $(w_1, w_2)$-separating, then $k < \frac{q-1}{w_1 w_2} + 1$.

We can easily check that Theorem 3 suggests the conjecture of the upper bound
$M \le q^{\lceil n/(w_1 w_2) \rceil}$ for separating Reed-Solomon codes.

Question 2 (Upper Bound Conjecture for Separating Reed-Solomon Codes) Is
it the case that all $(w_1, w_2)$-separating Reed-Solomon codes satisfy the condition



If Question 2 holds positive for all cases, then we would obtain
the optimal upper bound of separating Reed-Solomon codes by Theorem 2. The
proof of that, however, is not easy. The goal of this paper is, firstly, to get a new
upper bound for restricted separating codes, and secondly, to illustrate that almost
all separating Reed-Solomon codes, including those of [7], allow a positive answer
to Question 2.

2 Main Results 

2.1 Upper Bound for Restricted Separating Codes 

Our new bound for restricted $(w, w)$-separating codes is stated in Theorem 4. Note
that the bound is independent of the alphabet size.

Theorem 4 Let $w > 3$ be a positive integer. If $C$ is a code of length $n$ with $M$
codewords and satisfies the $(w, w)$-separating property, then

$M \le 2^{[\frac{n-w+2}{2}]} + w - 2$

Proof. Pick an arbitrary subset $U$ of $C$ with $w - 2$ codewords. We can assume
that all the elements of $U = \{x^{(1)}, \ldots, x^{(w-2)}\}$ coincide on and only on the first
$d$ coordinates. Set $S = \{1, 2, \ldots, d\}$ and define $\Gamma(y) := \{i \in S \mid y_i = x^{(1)}_i\}$ for
all $y \in C \setminus U$. If $y, z, t \in C \setminus U$ are distinct elements, the following hold true.

(1) $\Gamma(y) \cap \Gamma(z) \ne \emptyset$

(2) $\Gamma(y) \not\subseteq \Gamma(z)$

(3) $\Gamma(y) \cap \Gamma(z) \ne S$

(4) $\Gamma(y) \cap \Gamma(z) \not\subseteq \Gamma(t)$

(5) $\Gamma(t) \not\subseteq \Gamma(y) \cup \Gamma(z)$,

since the negations imply $F(U \cup \{y, z\}) = Q^n$, $F(U \cup \{y\}) \cap F(\{z\}) = \{z\}$,
$F(U) \cap F(\{y, z\}) \ne \emptyset$, $F(U \cup \{y, z\}) \cap F(\{t\}) = \{t\}$ and
$F(U \cup \{t\}) \cap F(\{y, z\}) \ne \emptyset$, respectively, which all contradict the
$(w, w)$-restricted separating property of $C$.

Case 1: Assume that there exists $y^{(0)} \in C \setminus U$ such that $|\Gamma(y^{(0)})| \le [\frac{d}{2}]$. For
all $y \in C \setminus U$, define the correspondence $\Gamma'(y) := \Gamma(y) \cap \Gamma(y^{(0)})$. Then $\Gamma'$ is an
injection by (4). Since $\Gamma'$ maps $C \setminus U$ to subsets of $\Gamma(y^{(0)})$, which has at most
$[\frac{d}{2}]$ elements, we get $|C \setminus U| \le 2^{[d/2]}$.

Case 2: Assume that for all $y \in C \setminus U$, $|\Gamma(y)| > [\frac{d}{2}]$. Set $\Gamma_1(y) := S \setminus \Gamma(y)$,
then $\Gamma_1$ also satisfies (1)-(5). Similarly as above, we get $|C \setminus U| \le 2^{[d/2]}$.

From the definition of restricted separating code, we directly get $d < n - w + 2$.
Combining the two results above, $|C| = |U| + |C \setminus U| \le 2^{[\frac{n-w+2}{2}]} + w - 2$. □

2.2 Optimal Upper Bound for Separating Reed-Solomon Codes

In the previous section we obtained new upper bounds for some separating codes.
This section, however, is a little different. We deal with separating codes
included in the Reed-Solomon code family and prove the Upper Bound Conjecture
derived from Silverberg's problem, which is to be optimal. Let $\mathbb{F}_q$ be a finite
field of characteristic $p$ with a primitive element $\alpha$. Denote the set of all non-zero
polynomials over $\mathbb{F}_q$ of degree less than $k$ by $P_k$. The following lemma is trivial
from the definition, so we state it without proof.

Lemma 1 Assume that $RS_k(q)$ is not $(w_1, w_2)$-separating, then

(1) $q - 1 > l > k$ implies that $RS_l(q)$ is not $(w_1, w_2)$-separating

(2) $w_1' > w_1$, $w_2' > w_2$ implies that $RS_k(q)$ is not $(w_1', w_2')$-separating

In [7], they gave the equivalent condition with separation property of
Reed-Solomon codes before they evolved the relation between $k$ and $q$, namely,
$k - 1 \mid q - 1$. Similarly, we first state the following sufficient condition for
non-separation of Reed-Solomon codes.

Lemma 2 Let $f$ be a non-constant polynomial belonging to $P_k$. Suppose there
exist two subsets $E, F$ of $\mathrm{Im} f$ such that $1 \le |E| \le w_1$, $1 \le |F| \le w_2$ and either of
the two facts $\mathrm{Im} f = EF$ or $\mathrm{Im} f = E + F$ holds true. Then, the code $C = RS_k(q)$
is not $(w_1, w_2)$-separating.

Proof. We will show only the case $\mathrm{Im} f = E + F$, since the other case can
be proven similarly. Define $U := \{ev(\beta) \mid \beta \in E\}$ and
$V := \{ev(f - \gamma) \mid \gamma \in F\}$. $U, V$ are nonempty sets of at most $w_1, w_2$ elements, respectively. Further,
they are disjoint since $f$ is non-constant. For all $i$ ($1 \le i \le q - 1$), there exist
$\beta_i \in E$, $\gamma_i \in F$ such that $f(\alpha^i) = \beta_i + \gamma_i \in \mathrm{Im} f$. Set $x := (\beta_1, \ldots, \beta_{q-1})$, then
we can easily check that $x$ belongs to $\mathrm{desc}\,U \cap \mathrm{desc}\,V$. Therefore, $C = RS_k(q)$ is
not $(w_1, w_2)$-separating. □

Lemma 2 allows us to discuss the relation between $k, q, w_1, w_2$, the parameters
specifying the separation property and Reed-Solomon codes, needed for a positive
answer to Question 2. First, we give a different proof of Theorem 3 using Lemma
2 to show the generality of our results.

Proof of Theorem 3. Assume $k \ge \frac{q-1}{w_1 w_2} + 1$ and define $f(x) := x^{k-1}$. Then $f$
is a polynomial of $P_k$ and it is a multiplicative homomorphism over $\mathbb{F}_q^*$. Therefore
$\mathrm{Im} f$ is a subgroup of $\mathbb{F}_q^*$ and thus is cyclic. Let $\gamma$ be a generator of $\mathrm{Im} f$, and set
$E := \{\gamma^{w_2 i} \mid 0 \le i \le w_1 - 1\}$, $F := \{\gamma^j \mid 0 \le j \le w_2 - 1\}$. Applying group
theory, we get $|\mathrm{Im} f| = \frac{q-1}{k-1} \le w_1 w_2$ and $\mathrm{Im} f = EF$ since $|\mathrm{Ker} f| = k - 1$. Thus,
the conditions of Lemma 2 are satisfied and $C$ is not $(w_1, w_2)$-separating. □
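
The construction in this proof can be run directly. The following is an added example, not code from the paper: it assumes $q$ is an odd prime so that $\mathbb{F}_q$ is the integers mod $q$, takes $V := \{ev(f \cdot \gamma^{-1}) \mid \gamma \in F\}$ for the multiplicative case that the proof of Lemma 2 leaves to the reader, and uses hypothetical function names.

```python
from itertools import product

def primitive_root(q):
    """Smallest generator of F_q^* for an odd prime q (brute force)."""
    for g in range(2, q):
        if len({pow(g, e, q) for e in range(1, q)}) == q - 1:
            return g
    raise ValueError("q must be an odd prime")

def evaluate(coeffs, points, q):
    """Codeword of RS_k(q): the polynomial evaluated at every point."""
    return tuple(sum(c * pow(a, e, q) for e, c in enumerate(coeffs)) % q
                 for a in points)

def in_desc(x, subset):
    """x lies in desc(subset) iff each coordinate matches some codeword."""
    return all(any(c[i] == xi for c in subset) for i, xi in enumerate(x))

def witness(q, k, w1, w2):
    """Return (U, V, x): U, V disjoint, x in desc U and in desc V."""
    s = k - 1
    if not 1 <= s < q - 1 or (q - 1) % s or s * w1 * w2 < q - 1:
        raise ValueError("need k-1 | q-1, k <= q-1, k >= (q-1)/(w1*w2) + 1")
    alpha = primitive_root(q)
    points = [pow(alpha, i, q) for i in range(1, q)]   # alpha^1 .. alpha^(q-1)
    gamma = pow(alpha, s, q)                           # generator of Im f
    E = sorted({pow(gamma, w2 * i, q) for i in range(w1)})
    F = sorted({pow(gamma, j, q) for j in range(w2)})
    U = [evaluate([b], points, q) for b in E]          # constant polynomials
    V = [evaluate([0] * s + [pow(g, -1, q)], points, q) for g in F]
    x = []
    for a in points:
        v = pow(a, s, q)                               # f(a) = a^(k-1)
        # Im f = EF guarantees a factorisation v = beta * g
        x.append(next(b for b, g in product(E, F) if b * g % q == v))
    return U, V, tuple(x)

if __name__ == "__main__":
    U, V, x = witness(13, 4, 2, 2)   # RS_4(13), constructed parameters
    print("x =", x)
    print(in_desc(x, U), in_desc(x, V), set(U).isdisjoint(V))
```

For the constructed parameters $q = 13$, $k = 4$, $w_1 = w_2 = 2$ the returned word lies in both descendant sets, so $RS_4(13)$ is not $(2, 2)$-separating.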

Here we are to find a new relation of parameters for satisfying the Upper Bound
Conjecture in terms of Lemma 2. Let $r_1 := [\log_p w_1]$, $r_2 := [\log_p w_2]$.

Theorem 5 Suppose $k - 1 \mid q$ and at least one of the following conditions is
true.

(1)*-1>-W- 
W1W2 

v ' p ri p T2 

(3) [^] ■ [^] > P 

p Tl p r ' 2 ~ 

IfRS k (q) is (w 1 ,w 2 ) -separating, then k < ^=±- + 1. 

Proof. Set s := k — 1 for convenience and assume s > in spite that 

$RS_k(q)$ is separating. Define $f(x) := x^s - x$. Since the characteristic of the field
is $p$ and $s$ is a power of $p$, $f$ is an additive homomorphism from $\mathbb{F}_q$ to $\mathbb{F}_q$. The
kernel of it is $\mathrm{Ker} f = \mathbb{F}_s$, therefore $|\mathrm{Im} f| = q/s$.

Assume (1) is true. Then |Im/| = q/s < ^ift < p ri+T2 . For |Im/| is a power 
of p, there exist ii, ^2(^1 ^ r i,^2 < ^2) such that |Im/| = p tl+t2 . According 
to group theory, there exist subgroups E and F of Im/ such that \E\ = p tx < 
w\, \F\ = p t2 < W2, and ImF = E + F. Therefore, applying Lemma 2 leads to 
the contradiction against {w\, W2)— separation property. 

Assume that (2) is true. Then we get $|\mathrm{Im} f| = q/s < w_1 w_2 < p^{r_1 + r_2 + 1}$ and
since $|\mathrm{Im} f|$ is a power of $p$, this is equivalent to $|\mathrm{Im} f| \le p^{r_1 + r_2}$. So exactly the same
discussion as above holds in this case.

Finally, assume that (1), (2) is false but (3) is true. Failure of (1) implies the 
fact < s < , and the equality can not be held in (3) for p is a prime 

number. Thus, W1W2 > p ri+r2 . If we consider p r ^+ 7 " 2 + 2 > w\w 2 , we get the 
series of inequalities such as p ri+r2 < Hip. < |Im/| = q/s < w\W2 < p ri+T2+2 . 
So |Im/| = p r i+ r 2+! since |Im/| is a power of p. Then there exist subgroups 
E 1 ' ,F / ,P in Im/ such that Im/ = El + Fl + P and their orders are p\,p& 
and p, respectively. Moreover, P is cyclic as its order is a prime number. Denote 
the generator of P by 7 and set P x := \ < % < [^-] - 1}, P 2 := 

0'7 I < j < [ft] - 1}. Then P = P l + P 2 since [ft] ■ [ft] > p. Now let 
E := El + Pi, F := F> + P 2 . The sizes of E, F are p ri ■ [ft] and p r ' 2 ■ [ft], 
respectively, so 1 < \E\ < c±, 1 < \F\ < C2 and Im/ = E + F. Therefore, we get 
contradiction to the separation property of RSk(q) applying Lemma 2. 

Thus, the statement of the theorem holds true in all cases. □ 

If for some $k$ we know that the $(w_1, w_2)$-separation property of $RS_k(q)$ implies
$k < \frac{q-1}{w_1 w_2} + 1$, then for all integers larger than $k$ the same holds true by Lemma 1.
This inspired us to believe that all Reed-Solomon codes satisfy the conjecture.
The following corollaries are simple to prove.

Corollary 1 Suppose that w\W2 > q — 1 or W1W2 \ q — 1. If the code is 
(uui, W2)— separating, then k < J-^j- + 1. 

Corollary 2 Suppose w\W2 \ q- If the code is {w\,W2)— separating, then k < 



3 Conclusion and Further Works 

The upper bounds for restricted separating codes as well as separating Reed-Solomon 
codes and their optimality were dealt with in the paper. Developing upper bounds 
for separating codes is still an important topic in theory and practice. 

The restricted separation property is quite a strong condition, thus it is assumed that
the upper bound for such codes will be still smaller than the one for separating codes.
Therefore, improvement of Theorem 4 could be a possible topic.

From the work of [7] to this paper, we confirmed that Silverberg's conjecture
is true in many cases and that it yields the optimal upper bound of separating
Reed-Solomon codes. Experimental results tell us that almost all (about 90 percent)
Reed-Solomon codes, except a few cases, with $w$ in 2-25 and $q$ in 2-4096 meet the
optimal bound $M \le q^{\lceil n/(w_1 w_2) \rceil}$. In-depth study of separating codes and algebraic
geometry codes seems to allow the complete solution to Silverberg's open problem.

References 

[1] A. Barg and G. Kabatiansky, Robust parent identifying codes and
combinatorial arrays, preprint, 2011

[2] A. Silverberg, J. Staddon and J. Walker, Applications of list decoding to
tracing traitors, IEEE Trans. Inform. Theory 49 (2003), 1312-1318

[3] D. Boneh and J. Shaw, Collusion-secure fingerprinting for digital data,
Advances in Cryptology - Crypto'95. Lecture Notes in Computer Science 963
(1995), 452-465

[4] D. Stinson and G. Zaverucha, Some improved bounds for secure frameproof 
codes and related separating hash families, IEEE Trans. Inform. Theory 47 
(2001), 1042-1049 

[5] G. Cohen, On separating codes, Department of Information, CNRS. Paris
France, 2001

[6] J. Staddon, D. Stinson and R. Wei, Combinatorial properties of frameproof 
and traceability codes, IEEE Trans. Inform. Theory 47 (2001), 1042-1049 




[7] M. Fernandez, J. Cotrina et al., A note about the identifier parent property
in Reed-Solomon codes, Computers & Security 29 (2010), 628-635

[8] M. Pinsker and Y. Sagalovich, Lower bound on the cardinality of code of 
automata states, Problems of Information Transmission 8 (1972), 59-66 

[9] Y. Sagalovich, Separating Systems, Problems of Information Transmission 
(54) (2008), 2508-2514 






